Lucene search
K
ThreatpostMost viewed

15946 matches found

ThreatPost
ThreatPost
added 2019/02/12 9:34 p.m.431 views

Microsoft Patches Zero Day Browser Bug Under Active Attack

It’s a busy Patch Tuesday for Microsoft with a total of 20 critical vulnerabilities addressed in this February’s monthly security bulletin. Four bugs, rated important, were previously publicly known. Worse, Microsoft said a zero-day bug tied to its Internet Explorer browser, also rated important,...

7.5CVSS1AI score0.86863EPSS
Exploits17References6
ThreatPost
ThreatPost
added 2020/06/08 3:54 p.m.429 views

SMBGhost RCE Exploit Threatens Corporate Networks

The release of a fully functional proof-of-concept PoC exploit for a critical, wormable remote code-execution RCE vulnerability in Windows could spark a wave of cyberattacks, the feds have warned. Microsoft patched the bug tracked as CVE-2020-0796 back in March; also known as SMBGhost or...

7.5CVSS1.7AI score0.9981EPSS
Exploits125References11
ThreatPost
ThreatPost
added 2019/04/12 2:13 p.m.429 views

Wordpress Yellow Pencil Plugin Flaws Actively Exploited

The maker of a WordPress plugin, Yellow Pencil Visual Theme Customizer, is asking all users to immediately update after it was discovered to have software vulnerabilities that are being actively exploited. The attacker exploiting these flaws has been behind several other recent plugin attacks the...

7.5CVSS0.5AI score0.9927EPSS
Exploits45References9
ThreatPost
ThreatPost
added 2021/10/15 6:5 p.m.427 views

TrickBot Gang Enters Cybercrime Elite with Fresh Affiliates

The cybercriminals behind the infamous TrickBot trojan have signed two additional distribution affiliates, dubbed Hive0106 aka TA551 and Hive0107 by IBM X-Force. The result? Escalating ransomware hits on corporations, especially using the Conti ransomware. The development also speaks to the...

9CVSS9.1AI score0.99759EPSS
Exploits41References13
ThreatPost
ThreatPost
added 2021/04/15 12:19 p.m.426 views

Attackers Target ProxyLogon Exploit to Install Cryptojacker

Cryptojacking can be added to the list of threats that face any unpatched Exchange servers that remain vulnerable to the now-infamous ProxyLogon exploit, new research has found. Researchers discovered the threat actors using Exchange servers compromised using the highly publicized exploit...

7.5CVSS9.5AI score0.99999EPSS
Exploits66References11
ThreatPost
ThreatPost
added 2020/09/14 9:20 p.m.426 views

Feds Warn Nation-State Hackers are Actively Exploiting Unpatched Microsoft Exchange, F5, VPN Bugs

The U.S. government is warning that Chinese threat actors have successfully compromised several government and private sector entities in recent months, by exploiting vulnerabilities in F5 BIG-IP devices, Citrix and Pulse Secure VPNs and Microsoft Exchange servers. Patches are currently available...

10CVSS0.3AI score0.99999EPSS
Exploits159References17
ThreatPost
ThreatPost
added 2020/04/16 6:49 p.m.424 views

Cisco IP Phone Harbors Critical RCE Flaw

Cisco is warning of a critical flaw in the web server of its IP phones. If exploited, the flaw could allow an unauthenticated, remote attacker to execute code with root privileges or launch a denial-of-service DoS attack. Proof-of-concept PoC exploit code has been posted on GitHub for the...

10CVSS0.3AI score0.88374EPSS
Exploits12References14
ThreatPost
ThreatPost
added 2020/08/05 3:47 p.m.416 views

Microsoft Teams Patch Bypass Allows RCE

COVID-19 has spurred the use of videoconferencing for businesses worldwide – and this expanded threat surface has lured attackers like moths to a flame. Adding insult to injury, researchers have recently discovered a workaround for a previous patch issued for Microsoft Teams, that would allow a...

0.2AI score0.26869EPSS
Exploits0References7
ThreatPost
ThreatPost
added 2020/06/18 9:30 a.m.416 views

InvisiMole Group Resurfaces Touting Fresh Toolset, Gamaredon Partnership

The InvisiMole threat group has resurfaced in a new campaign, revealing a new toolset and a strategic collaboration with the high-profile Gamaredon advanced persistent threat APT group. InvisiMole was first uncovered by ESET in 2018, with cyberespionage activity dating back to 2013 in operations ...

10CVSS0.2AI score0.99999EPSS
Exploits177References11
ThreatPost
ThreatPost
added 2015/08/07 9:0 a.m.413 views

Manipulating Microsoft WSUS to Own Enterprises

LAS VEGAS – Windows Server Update Services WSUS is your friend, if you run an enterprise IT shop, because it facilitates the download and distribution of security patches, service pack installations and hardware driver updates among others. Two researchers this week at the Black Hat conference,...

9.3CVSS0.8AI score0.99945EPSS
Exploits33References2
ThreatPost
ThreatPost
added 2022/04/29 11:51 a.m.412 views

Cyberespionage APT Now Identified as Three Separate Actors

A threat group responsible for sophisticated cyberespionage attacks against U.S. utilities is actually comprised of three subgroups, all with their own toolsets and targets, that have been operating globally since 2018, researchers have found. TA410 is a cyberespionage umbrella group loosely link...

9.3CVSS8.8AI score0.99945EPSS
Exploits33References9
ThreatPost
ThreatPost
added 2022/01/31 9:59 p.m.411 views

Public Exploit Released for Windows 10 Bug

Security teams might have skipped January’s Patch Tuesday after reports of it breaking servers, but it also included a patch for a privilege-escalation bug in Windows 10 that leaves unpatched systems open to malicious actors looking for administrative access. It’s a bug that now has a...

7.8CVSS8AI score0.78376EPSS
Exploits22References14
ThreatPost
ThreatPost
added 2018/07/27 8:41 p.m.411 views

FELIXROOT Backdoor Resurfaces in Environmental Spam Campaign

After a few months of absence, the FELIXROOT backdoor malware has been spotted in a fresh malspam campaign. The campaign uses weaponized lure documents claiming to contain seminar information on environmental protection efforts. This backdoor has a range of functions, including the ability to...

9.3CVSS1.8AI score0.99945EPSS
Exploits62References4
ThreatPost
ThreatPost
added 2022/03/21 5:48 p.m.409 views

Conti Ransomware V. 3, Including Decryptor, Leaked

Pro-Ukraine security researcher @ContiLeaks yesterday uploaded a fresher version of Conti ransomware than they had previously released – specifically, the source code for Conti Ransomware V3.0 – to VirusTotal. ContiLeaks posted a link to the code on Twitter. The code includes a compiled locker an...

9.2AI score
Exploits0References23
ThreatPost
ThreatPost
added 2020/10/13 8:41 p.m.409 views

Lemon Duck Cryptocurrency-Mining Botnet Activity Spikes

Researchers are warning of a recent dramatic uptick in the activity of the Lemon Duck cryptocurrency-mining botnet, which targets victims’ computer resources to mine the Monero virtual currency. Click to Register! Researchers warn that Lemon Duck is “one of the more complex” mining botnets, with...

10CVSS0.1AI score0.99999EPSS
Exploits123References15
ThreatPost
ThreatPost
added 2020/09/03 5:30 p.m.407 views

Attackers Can Exploit Critical Cisco Jabber Flaw With One Message

Researchers are warning of a critical remote code-execution RCE flaw in the Windows version of Cisco Jabber, the networking company’s video-conferencing and instant-messaging application. Attackers can exploit the flaw merely by sending targets specially crafted messages – no user interaction...

9.3CVSS8AI score0.62119EPSS
Exploits1References10
ThreatPost
ThreatPost
added 2020/01/03 6:33 p.m.407 views

3 Critical Bugs Allow Remote Attacks on Cisco NX-OS and Switches

Cisco Systems has issued patches for three critical vulnerabilities impacting a key tool for managing its network platform and switches. The bugs could allow an unauthenticated, remote attacker to bypass endpoint authentication and execute arbitrary actions with administrative privileges on...

10CVSS9.6AI score0.92835EPSS
Exploits17References10
ThreatPost
ThreatPost
added 2019/06/27 8:16 p.m.407 views

Leaky Amazon S3 Buckets Expose Data of Netflix, TD Bank

Three publicly-accessible cloud storage buckets from data management company Attunity leaked more than a terabyte of data from its top Fortune 100 customers – including internal business documents, system passwords, sensitive employee information. Israel-based Attunity, which was acquired by Qlik...

6.9AI score
Exploits0References9
ThreatPost
ThreatPost
added 2020/03/11 5:13 p.m.406 views

Wormable, Unpatched Microsoft Bug Threatens Corporate LANs

UPDATE Microsoft released an emergency out-of-band patch to fix a SMBv3 wormable bug on Thursday that leaked earlier this week. The a patch for the vulnerability, tracked as CVE-2020-0796, is now rolling out to Windows 10 and Windows Server 2019 systems worldwide, according to Microsoft. On...

7.5CVSS0.6AI score0.9981EPSS
Exploits125References14
ThreatPost
ThreatPost
added 2019/10/23 6:3 p.m.406 views

Fujitsu Wireless Keyboard Plagued By Unpatched Flaws

Two high-severity flaws, discovered in a popular Fujitsu wireless keyboard set, could allow attackers from a short distance away to “eavesdrop” on passwords entered into the keyboards, or even fully takeover a victim’s system. Making matters worse, the impacted Fujitsu wireless keyboard LX390...

10CVSS0.2AI score0.99965EPSS
Exploits32References14
ThreatPost
ThreatPost
added 2021/03/12 4:26 p.m.404 views

Microsoft Exchange Exploits Pave a Ransomware Path

Cybercriminals are now using compromised Microsoft Exchange servers as a foothold to deploy a new ransomware family called DearCry, Microsoft has warned. The ransomware is the latest threat to beleaguer vulnerable Exchange servers, emerging shortly after Microsoft issued emergency patches in earl...

7.5CVSS9.7AI score0.99999EPSS
Exploits66References14
ThreatPost
ThreatPost
added 2021/03/24 6:39 p.m.399 views

Microsoft Exchange Servers See ProxyLogon Patching Frenzy

The patching level for Microsoft Exchange Servers that are vulnerable to the ProxyLogon group of security bugs has reached 92 percent, according to Microsoft. The computing giant tweeted out the stat earlier this week – though of course patching won’t fix already-compromised machines. Still, that...

7.5CVSS10AI score0.99999EPSS
Exploits66References12
ThreatPost
ThreatPost
added 2020/08/06 3:24 p.m.398 views

High-Severity Cisco DoS Flaw Plagues Small-Business Switches

Cisco is warning of a high-severity flaw that could allow remote, unauthenticated attackers to cripple several of its popular small-business switches with denial of service DoS attacks. The vulnerability stems from the IPv6 packet processing engine in the switches. IPv6 also known as Internet...

7.2CVSS1AI score0.26869EPSS
Exploits5References9
ThreatPost
ThreatPost
added 2020/07/06 7:6 p.m.398 views

Admins Urged to Patch Critical F5 Flaw Under Active Attack

Security experts are urging companies to deploy an urgent patch for a critical vulnerability in F5 Networks’ networking devices, which is being actively exploited by attackers to scrape credentials, launch malware and more. Last week, F5 Networks issued urgent patches for the critical remote...

10CVSS0.1AI score0.99999EPSS
Exploits61References18
ThreatPost
ThreatPost
added 2021/04/30 7:32 p.m.395 views

PortDoor Espionage Malware Takes Aim at Russian Defense Sector

A previously undocumented backdoor malware, dubbed PortDoor, is being used by a probable Chinese advanced persistent threat actor APT to target the Russian defense sector, according to researchers. The Cybereason Nocturnus Team observed the cybercriminals specifically going after the Rubin Design...

9.3CVSS8.8AI score0.99945EPSS
Exploits36References8
ThreatPost
ThreatPost
added 2020/10/15 8:59 p.m.395 views

Critical Magento Holes Open Online Shops to Code Execution

Two critical flaws in Magento – Adobe’s e-commerce platform that is commonly targeted by attackers like the Magecart threat group – could enable arbitrary code execution on affected systems. Retail is set to boom in the coming months – between this week’s Amazon Prime Day and November’s Black...

2AI score0.0552EPSS
Exploits1References9
ThreatPost
ThreatPost
added 2020/06/19 1:5 p.m.394 views

Netgear Zero-Day Allows Full Takeover of Dozens of Router Models

UPDATED Researchers this week said they discovered an unpatched, zero-day vulnerability in firmware for Netgear routers that put 79 device models at risk for full takeover, they said. Netgear has since issued several hot fixes, available here. The flaw, a memory-safety issue present in the...

10AI score0.26869EPSS
Exploits0References11
ThreatPost
ThreatPost
added 2022/03/28 5:33 p.m.391 views

Critical Sophos Security Bug Allows RCE on Firewalls

Cybersecurity stalwart Sophos has plugged a critical vulnerability in its firewall product, which could allow remote code-execution. The flaw, tracked as CVE-2022-1040, is specifically an authentication-bypass vulnerability in the User Portal and Webadmin of the Sophos Firewall. It affects versio...

9.8CVSS7.5AI score0.99796EPSS
Exploits9References5
ThreatPost
ThreatPost
added 2019/06/27 9:50 p.m.391 views

Smart Lock Turns Out to be Not So Smart, or Secure

Researchers are warning a keyless smart door lock made by U-tec, called Ultraloq, could allow attackers to track down where the device is being used and easily pick the lock – either virtually or physically. Ultraloq is a Bluetooth fingerprint and touchscreen door lock sold for about $200. It...

Exploits0References4
ThreatPost
ThreatPost
added 2019/06/28 1:0 p.m.389 views

Death of the VPN: Enterprise Security Needs New Foundations

Introduced to the market nearly two decades ago, enterprise VPN technology has been uniquely enduring. Most large organizations still employ a VPN solution, and many seem to rely on it unquestioningly to provide secure remote access. It’s a rarefied position for a tool that hasn’t fundamentally...

7.2AI score
Exploits0References9
ThreatPost
ThreatPost
added 2020/03/23 8:56 p.m.388 views

Apache Tomcat Exploit Poised to Pounce, Stealing Files

A vulnerability in the popular Apache Tomcat web server is ripe for active attack, thanks to a proof-of-concept PoC exploit making an appearance on GitHub. The now-patched bug affects Tomcat versions 7.0, 8.5 and 9.0. According to Flashpoint analysts Cheng Lu and Steven Ouellette, an exploit for...

7.5CVSS9.6AI score0.9981EPSS
Exploits170References3
ThreatPost
ThreatPost
added 2017/06/27 4:6 p.m.388 views

Complex Petya-Like Ransomware Outbreak Worse than WannaCry

Join Kaspersky Lab and Comae Technologies Thursday June 29, 2017 at 10 a.m. Eastern time for a webinar “The Inside Story of the Petya/ExPetr Ransomware.” Click here to attend. The attackers behind today’s global ransomware outbreak are spreading the malware using a modified version of the leaked...

9.3CVSS0.3AI score0.99933EPSS
Exploits29References15
ThreatPost
ThreatPost
added 2018/10/09 9:24 p.m.387 views

Microsoft Patches Zero-Day Under Active Attack by APT

Microsoft has issued a patch for a zero-day bug being actively exploited in the wild, as part of its Patch Tuesday security bulletin. The vulnerability is an elevation-of-privilege flaw, rated important, affecting the Windows Win32k component. The zero-day CVE-2018-8453, found by Kaspersky Lab,...

9.3CVSS0.69833EPSS
Exploits12References7
ThreatPost
ThreatPost
added 2020/03/02 9:59 p.m.386 views

NetSupport Manager RAT Spread via Bogus NortonLifeLock Docs

The legitimate remote access tool RAT called NetSupport Manager, used for troubleshooting and tech support, is being converted into a malicious weapon by cybercriminals. Researchers at Palo Alto Networks’ Unit 42 division have spotted a spam campaign attempting to deliver a malicious Microsoft Wo...

0.6AI score0.26869EPSS
Exploits0References4
ThreatPost
ThreatPost
added 2019/06/27 4:17 p.m.385 views

Thousands of IoT Devices Bricked By Silex Malware

A 14-year-old hacker used a new strain of malware this week to brick up to 4,000 insecure Internet of Things devices – before abruptly shutting down his command and control server. The malware, dubbed Silex, was first discovered by Larry Cashdollar, senior security intelligence response engineer ...

0.1AI score
Exploits0References9
ThreatPost
ThreatPost
added 2019/03/22 4:7 p.m.385 views

Medtronic Defibrillators Have Critical Flaws, Warns DHS

The Department of Homeland Security has issued an emergency alert warning of critical flaws allowing attackers to tamper with several Medtronic medical devices, including defibrillators. The two vulnerabilities – comprised of a medium and critical-severity flaw – exist in 20 products made by the...

7.5CVSS2.5AI score0.99999EPSS
Exploits48References8
ThreatPost
ThreatPost
added 2022/03/14 9:50 p.m.384 views

Staff Think Conti Group Is a Legit Employer – Podcast

Thanks to gray-hat Ukrainian hacker ContiLeaks, the Conti ransomware gang spilled its guts in late February. Since then, researchers have been poring over the group’s secrets, including a massive trove of chat logs and other doxxed data, including source code for Conti ransomware, TrickBot malwar...

8.9AI score
Exploits0References8
ThreatPost
ThreatPost
added 2021/07/02 12:21 p.m.382 views

CISA Offers New Mitigation for PrintNightmare Bug

The U.S. government has stepped in to offer a mitigation for a critical remote code execution RCE vulnerability in the Windows Print Spooler service that may not have been fully patched by Microsoft’s initial effort to fix it. To mitigate the bug, dubbed PrintNightmare, the CERT Coordination Cent...

9.3CVSS9.3AI score0.99759EPSS
Exploits75References9
ThreatPost
ThreatPost
added 2021/04/28 5:48 p.m.382 views

Google Chrome V8 Bug Allows Remote Code-Execution

Google’s Chrome browser has several security vulnerabilities that could pave the way to multiple types of attacks, including a V8 bug that could allow remote code execution RCE within a user’s browser. The high-severity V8 issue is tracked as CVE-2021-21227, and was reported by Gengming Liu from...

6.8CVSS8AI score0.99595EPSS
Exploits14References10
ThreatPost
ThreatPost
added 2020/02/05 6:50 p.m.381 views

New Lemon Duck Malware Campaign Targets IoT, Large Manufacturers

Printers, smart TVs and automated guided vehicles that depend on Windows 7 have become the latest juicy targets for cybercriminals leveraging a “self-spreading” variant of the malware Lemon Duck. In a report released Wednesday by TrapX Security, researchers warn manufacturers dependent on IoT...

2.2AI score0.0552EPSS
Exploits1References5
ThreatPost
ThreatPost
added 2021/12/13 6:46 p.m.377 views

Malicious PyPI Code Packages Rack Up Thousands of Downloads

Three malicious packages hosted in the Python Package Index PyPI code repository have been uncovered, which collectively have more than 12,000 downloads – and presumably slithered into installations in various applications. Independent researcher Andrew Scott found the packages during a nearly...

9.4AI score
Exploits0References6
ThreatPost
ThreatPost
added 2021/07/28 6:33 p.m.377 views

New Ransomware Gangs Haron & BlackMatter Are After Fat Cats

So much for darkened servers at the headquarters of DarkSide or REvil ransomware groups. Turns out, we’ve got either their rebranded versions or two new ransomware gangs to contend with. The first new group to appear this month was Haron, and the second is named BlackMatter. As Ars Technica‘s Dan...

10CVSS9.7AI score0.99999EPSS
Exploits13References31
ThreatPost
ThreatPost
added 2019/07/18 3:48 p.m.377 views

Ke3chang APT Linked to Previously Undocumented Backdoor

The Ke3chang cyberespionage group, a.k.a. APT15, Mirage, Playful Dragon or Vixen Panda, has been tied to a backdoor called Okrum that has been used to target diplomatic missions throughout Europe and Latin America. The attribution widens the scope of known Ke3chang activity, an APT believed to be...

7.8AI score
Exploits0References8
ThreatPost
ThreatPost
added 2022/03/16 5:32 p.m.376 views

‘CryptoRom’ Crypto Scam is Back via Side-Loaded Apps

For about a year now, crypto-traders and lovelorn singles alike have been losing their money to CryptoRom, a malware campaign that combines catfishing with crypto-scamming. According to research from Sophos, CryptoRom’s perpetrators have now improved their techniques. They’re leveraging new iOS...

8.3AI score
Exploits0References11
ThreatPost
ThreatPost
added 2021/06/14 5:43 p.m.376 views

Moobot Milks Tenda Router Bugs for Propagation

A variant of the Mirai botnet called Moobot saw a big spike in activity recently, with researchers picking up widespread scanning in their telemetry for a known vulnerability in Tenda routers. It turns out that it was being pushed out from a new cyber-underground malware domain, known as Cyberium...

10CVSS9.2AI score0.99975EPSS
Exploits10References10
ThreatPost
ThreatPost
added 2020/10/13 4:39 p.m.375 views

Election Systems Under Attack via Microsoft Zerologon Exploits

U.S. government officials have warned that advanced persistent threat actors APTs are now leveraging Microsoft’s severe privilege-escalation flaw, dubbed “Zerologon,” to target elections support systems. Days after Microsoft sounded the alarm that an Iranian nation-state actor was actively...

10CVSS0.8AI score0.99999EPSS
Exploits229References24
ThreatPost
ThreatPost
added 2020/07/16 4:14 p.m.374 views

Zoom Addresses Vanity URL Zero-Day

A previously undisclosed bug in Zoom’s customizable URL feature has been addressed that could have offered a hacker a perfect social-engineering avenue for stealing credentials or sensitive information. Disclosed by Zoom and Check Point on Thursday, the security flaw existed in the “Vanity URL”...

8.1AI score0.0552EPSS
Exploits1References8
ThreatPost
ThreatPost
added 2019/06/21 7:35 p.m.371 views

Podcast: Dating App Privacy and NASA Cyberattack

Beyond the regular drumbeat of security vulnerabilities and patches this week, a slew of stories covered varying topics ranging from NASA to Tinder. The Threatpost team broke down the most interesting stories of the week, including: A ransomware webinar hosted by Threatpost editor Tara Seals, whi...

6.8AI score
Exploits0References7
ThreatPost
ThreatPost
added 2020/04/29 4:39 p.m.368 views

Critical GitLab Flaw Earns Bounty Hunter $20K

A critical GitLab vulnerability, which could be leveraged by a remote attacker to execute code, recently netted a researcher a $20,000 bug-bounty award. The flaw was reported to GitLab by software developer William Bowling via the HackerOne bug bounty platform on March 23. It was then disclosed...

0.2AI score0.26869EPSS
Exploits0References9
ThreatPost
ThreatPost
added 2017/12/28 2:1 p.m.368 views

Code Used in Zero Day Huawei Router Attack Made Public

Exploit code used in the Mirai malware variant called Satori, which was used to attack hundreds of thousands of Huawei routers over the past several weeks, is now public. Researchers warn the code will quickly become a commodity and be leveraged in DDoS attacks via botnets such as Reaper or...

10CVSS10AI score0.99975EPSS
Exploits8References5
Total number of security vulnerabilities5000